Firewall Wizards mailing list archives
RE: Security of HTTPS
From: Servie Platon <servie_tech () yahoo com>
Date: Fri, 26 Nov 2004 16:08:47 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, I'm so sorry for the messed up email before, my apologies. I am not the original poster to this thread but after reading the white paper on the SANS web site made me a little bit weary of the possibilities which I am posting my question based on the topic of MITM attack. 1. How does the cracker hone in to attack a preferred network of choice? Do they just port scan the internet and once it finds one would do the MITM and pose as a legit web site? 2. Do they pose as legit web sites to unsuspecting users, or hiding in the guise of a famous web site but in fact doing a MITM attack? Most people now adays, make online transactions such as buying, selling and other e-commerce type of thing. After reading the whitepaper makes me think twice if it is really safe using HTTPS despite the guarantees being stated by such sites? Any tips, suggestions, as well as explanations as to how this is done and how to avoid such a thing from occuring would mean a lot so that we could limit the chances of being victimized in the future. Thanks in advance. Sincerely, Servie - --- Jean-Denis Gorin <jdg_cnce2004 () yahoo fr> wrote:
Lot of papers about SSL Man In the Middle attack. For example, on the SANS web site: http://www.sans.org/rr/whitepapers/threats/480.php Some kind of proxies use this to enable content filtering of HTTPS traffic... JDG From Alex BihlmaierGood Morning. I am curious how strong the security of https canbe.Is there some possibility of a MITM attack? Are there any papers out there outlining thisaspectof security? //thalunilVous manquez despace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (MingW32) - GPGshell v3.23 iD8DBQFBp8VuyQgrZePdA38RAhCyAJ9eN2yeoM/hccuBm7xFPI82jIY6KgCfedzA KaKBtRpn4XXtSzj4Dkq2L70= =dZR/ -----END PGP SIGNATURE----- Hi folks, I'm so sorry for the messed up email before, my apologies. I am not the original poster to this thread but after reading the white paper on the SANS web site made me a little bit weary of the possibilities which I am posting my question based on the topic of MITM attack. 1. How does the cracker hone in to attack a preferred network of choice? Do they just port scan the internet and once it finds one would do the MITM and pose as a legit web site? 2. Do they pose as legit web sites to unsuspecting users, or hiding in the guise of a famous web site but in fact doing a MITM attack? Most people now adays, make online transactions such as buying, selling and other e-commerce type of thing. After reading the whitepaper makes me think twice if it is really safe using HTTPS despite the guarantees being stated by such sites? Any tips, suggestions, as well as explanations as to how this is done and how to avoid such a thing from occuring would mean a lot so that we could limit the chances of being victimized in the future. Thanks in advance. Sincerely, Servie --- Jean-Denis Gorin <jdg_cnce2004 () yahoo fr> wrote:
Lot of papers about SSL Man In the Middle attack. For example, on the SANS web site: http://www.sans.org/rr/whitepapers/threats/480.php Some kind of proxies use this to enable content filtering of HTTPS traffic... JDG From Alex BihlmaierGood Morning. I am curious how strong the security of https canbe.Is there some possibility of a MITM attack? Are there any papers out there outlining thisaspectof security? //thalunilVous manquez despace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Security of HTTPS, (continued)
- RE: Security of HTTPS lordchariot (Nov 27)
- RE: Security of HTTPS Frank Knobbe (Nov 27)
- Re: Security of HTTPS Ng Pheng Siong (Nov 28)
- Re: Security of HTTPS Frank Knobbe (Nov 28)
- Re: Security of HTTPS Ng Pheng Siong (Nov 28)
- Re: Security of HTTPS Frank Knobbe (Nov 28)
- RE: Security of HTTPS Frank Knobbe (Nov 27)
- RE: Security of HTTPS lordchariot (Nov 27)
- Re: Security of HTTPS Kevin Sheldrake (Nov 28)
- Re: Security of HTTPS Ng Pheng Siong (Nov 28)
- RE: Security of HTTPS Servie Platon (Nov 27)
- RE: Security of HTTPS Paul D. Robertson (Nov 27)
- Re: Security of HTTPS Kevin Sheldrake (Nov 27)